Preface: HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel built with security as its goal; simply put, it is the secure version of HTTP. That is, an SSL layer is added underneath HTTP: the security basis of HTTPS is SSL, so the details of the encryption come from SSL. It is a URI scheme (abstract identifier system) whose syntax is the same as the http: scheme, used for secure HTTP data transfer. An https: URL indicates that HTTP is used, but HTTPS has a different default port from HTTP and an encryption/authentication layer (between HTTP and TCP). The system was originally developed by Netscape and built into its browser, Netscape Navigator, providing an authenticated and encrypted communication method. It is now widely used for security-sensitive communications on the World Wide Web, such as payment transactions.
Preparatory work:
Four virtual machines: one DNS server (172.18.48.215), one access host (220), one HTTP server (100), one CA certificate host (225); the numbers in parentheses are the last octet of 172.18.48.x
Turn off the firewall and turn off SELinux
Start the required services
Install the required packages
I. CA
1. Create the CA's private key
(umask 066; openssl genrsa -out ./private/cakey.pem 2048)
2. Create the self-signed CA certificate
openssl req -new -x509 -key ./private/cakey.pem -days 3650 -out cacert.pem
3. Create the private key of the HTTP host
(umask 066; openssl genrsa -out key.pem 1024)   # 1024-bit RSA is below today's accepted minimum; 2048 is the usual choice
4. Create a certificate request for the HTTP host
openssl req -new -key key.pem -out cert.csr
5. Submit the request to the CA; the CA signs it and sends the certificate file back to the HTTP host
scp cert.csr 172.18.48.225:   # performed on the HTTP host; .225 is the CA host
openssl ca -in cert.csr -out text.crt -days 365   # performed on the CA host; openssl ca expects the CA directory named in openssl.cnf (index.txt, serial, newcerts/) to exist
scp text.crt 172.18.48.100:   # performed on the CA host; .100 is the HTTP host
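The five CA steps above, run end to end as one added example (this is not the author's script): it creates the files `openssl ca` refuses to run without (index.txt, serial, newcerts/), uses its own minimal OpenSSL config so it does not depend on the distribution's openssl.cnf, gives the CA certificate proper CA extensions, and puts a subjectAltName on the server certificate, which browsers require (a CN alone is no longer accepted). Directory layout, file names and the "Lab CA" subject are this example's assumptions; the server key uses 2048 bits rather than the 1024 in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a lab CA and a signed
# server certificate in one directory, then verifies the chain the way a
# browser would. All paths and names below are this example's assumptions.

build_lab_pki() {
    dir=$1        # working directory for the whole PKI
    cn=$2         # site name the certificate is for, e.g. www.a.com
    mkdir -p "$dir/private" "$dir/newcerts"
    : > "$dir/index.txt"          # certificate database: must exist, may be empty
    echo 01 > "$dir/serial"       # first serial number to issue

    # Minimal self-contained OpenSSL config (CA section, req section, extensions).
    cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default

[ CA_default ]
dir           = $dir
database      = $dir/index.txt
new_certs_dir = $dir/newcerts
serial        = $dir/serial
certificate   = $dir/cacert.pem
private_key   = $dir/private/cakey.pem
default_md    = sha256
default_days  = 365
policy        = policy_anything

[ policy_anything ]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

[ req ]
distinguished_name = req_dn
[ req_dn ]

[ v3_ca ]
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash

[ server_ext ]
basicConstraints       = CA:FALSE
keyUsage               = digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectAltName         = DNS:$cn
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
EOF

    # Steps 1-2: CA private key (unreadable by others) and self-signed CA certificate
    (umask 077; openssl genrsa -out "$dir/private/cakey.pem" 2048 2>/dev/null)
    openssl req -new -x509 -config "$dir/ca.cnf" -extensions v3_ca \
        -key "$dir/private/cakey.pem" -days 3650 \
        -subj "/CN=Lab CA" -out "$dir/cacert.pem"

    # Steps 3-4: server key and certificate request (on the HTTP host in the post)
    (umask 077; openssl genrsa -out "$dir/httpd.key" 2048 2>/dev/null)
    openssl req -new -config "$dir/ca.cnf" -key "$dir/httpd.key" \
        -subj "/CN=$cn" -out "$dir/httpd.csr"

    # Step 5: the CA signs the request. -batch suppresses the y/n prompts,
    # -notext keeps the human-readable dump out of the file Apache loads.
    openssl ca -config "$dir/ca.cnf" -batch -notext -extensions server_ext \
        -in "$dir/httpd.csr" -out "$dir/httpd.crt" -days 365 2>/dev/null
}

# What the browser will check: the certificate chains to the CA and names the site.
verify_server_cert() {
    dir=$1; cn=$2
    openssl verify -CAfile "$dir/cacert.pem" "$dir/httpd.crt" >/dev/null || return 1
    openssl x509 -in "$dir/httpd.crt" -noout -text | grep -q "DNS:$cn"
}

# Usage: ./lab_pki.sh demo   (constructed run in a scratch directory)
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d)
    build_lab_pki "$work" www.a.com
    verify_server_cert "$work" www.a.com && echo "www.a.com certificate OK under $work"
fi
```

The resulting httpd.key, httpd.crt and cacert.pem are the three files the IV. HTTPS section points ssl.conf at. Because the policy and extensions live in the config rather than in prompts, the same function signs a certificate for any of the three lab domains.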
II. DNS
1. vim /etc/named.rfc1912.zones
zone "a.com" {
    type master;
    file "a.com.zone";
};
zone "b.net" {
    type master;
    file "b.net.zone";
};
zone "c.org" {
    type master;
    file "c.org.zone";
};
2. vim /var/named/a.com.zone (the other two are similar)
$TTL 1D
@       IN SOA  acom www.xdg.com. (
                0       ; Serial
                1D      ; Refresh
                1H      ; Retry
                1W      ; Expire
                3H )    ; Minimum
        NS      acom
acom    A       172.18.48.225
websrv  A       172.18.48.100
www     CNAME   websrv
ftp     A       172.18.48.100
III. HTTP
Create the corresponding web response pages on the HTTP server (here, one response page per virtual host)
1. Configure /etc/httpd/conf/httpd.conf before using virtual hosts
# Name-based virtual hosts respond according to the domain name in the request, so the sites must be accessed by domain name
NameVirtualHost *:80   # off by default (not needed on CentOS 7, whose httpd 2.4 ignores this directive)
2. Here I create a separate configuration file to manage the sites of my virtual hosts
vim /etc/httpd/conf.d/vhost.conf   # configuration files stored in this directory are read automatically, and the file suffix must be .conf
<VirtualHost *:80>
    ServerName www.a.com
    DocumentRoot "/var/www/html/a/"
</VirtualHost>
<VirtualHost *:80>
    ServerName www.b.net
    DocumentRoot "/var/www/html/b/"
</VirtualHost>
<VirtualHost *:80>
    ServerName www.c.org
    DocumentRoot "/var/www/html/c/"
</VirtualHost>
IV. HTTPS
yum install mod_ssl   # install the module
vim /etc/httpd/conf.d/ssl.conf   # edit the configuration file; the directives below sit inside its <VirtualHost _default_:443> block, and the rest of the stock file stays as shipped
SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt
# certificate for *.a.com; if there are several different domain names, create and apply for a certificate for each one separately
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key   # the host's private key file
SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem   # the CA's certificate file
<VirtualHost _default_:443>   # if a specific IP is wanted, change it here
ServerName www.a.com   # the domain name being visited
DocumentRoot "/var/www/html/a/"   # the directory where the site lives
V. Testing
1. On the access host, point DNS to the DNS server host
2. When testing, the site directory must have the corresponding access permissions (otherwise a 403 error is reported)
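Before restarting httpd after the IV. HTTPS edits, the two things that most often go wrong in this setup can be checked offline: a certificate and key that do not belong together (httpd then refuses to start), and a DocumentRoot the httpd worker cannot reach, which produces exactly the 403 mentioned in step 2. The following is an added pre-flight script, not the author's; the paths in the usage line are the ones from this post, and the optional "stop" directory is a parameter this example introduces so the walk up the directory tree can be limited.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for the HTTP
# host before `systemctl restart httpd`. Only openssl and POSIX find are used.

# 1. Certificate and key must carry the same public key. Comparing the
#    SubjectPublicKeyInfo blocks works for RSA and EC alike.
cert_matches_key() {
    cert=$1; key=$2
    c=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$c" = "$k" ]
}

# 2. Certificate must not be expired and must name the vhost's ServerName
#    (subjectAltName first, CN as fallback, the same rule a browser applies).
cert_valid_for_host() {
    cert=$1; host=$2
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || return 1
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match"
}

# 3. DocumentRoot needs o+rx and every directory above it o+x, or httpd
#    answers 403 (SELinux is a separate story; the post turns it off).
#    $2 (assumption of this example) is an exclusive upper bound for the walk,
#    default "/", so callers can skip directories they do not control.
docroot_reachable() {
    dir=$1; stop=${2:-/}
    [ -d "$dir" ] || return 1
    p=$(cd "$dir" && pwd)
    [ -n "$(find "$p" -prune -perm -o=rx)" ] || return 1
    p=$(dirname "$p")
    while [ "$p" != "$stop" ] && [ "$p" != "/" ]; do
        [ -n "$(find "$p" -prune -perm -o=x)" ] || return 1
        p=$(dirname "$p")
    done
    return 0
}

# Run all three and report; returns non-zero if anything would break.
preflight() {
    cert=$1; key=$2; host=$3; docroot=$4; stop=${5:-/}; rc=0
    cert_matches_key "$cert" "$key"     || { echo "FAIL: $key does not belong to $cert"; rc=1; }
    cert_valid_for_host "$cert" "$host" || { echo "FAIL: $cert is expired or does not name $host"; rc=1; }
    docroot_reachable "$docroot" "$stop" || { echo "FAIL: $docroot not reachable for others (expect 403)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $host is ready for https"
    return $rc
}

# Usage with the paths from this post (run as root on the HTTP host):
# preflight /etc/httpd/conf.d/ssl/httpd.crt /etc/httpd/conf.d/ssl/httpd.key www.a.com /var/www/html/a
```

Each check mirrors a concrete failure: a mismatched pair shows up in httpd's error log at startup, an expired or misnamed certificate shows up as a browser warning after the handshake, and missing o+x on any parent directory shows up only as the 403 in the access log, which is why it is worth testing before the first request.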
Build HTTPS manually